Log Search
Log Search is the primary investigation tool for SOC analysts. It provides full-text search across all ingested security logs with real-time filtering, field analysis, and export capabilities.
Search Interface
Query Syntax
- Full-text search: Type any keyword to search across all log fields
- Field-specific: Use field:value syntax (e.g., src_ip:192.168.1.100)
- Boolean operators: Combine with AND, OR, NOT
- Wildcards: Use * for partial matching (e.g., host:web-*)
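To make the query syntax above concrete, here is an added example (not the product's own search engine) that parses and evaluates queries of this form over a few constructed log entries. It assumes matching is case-insensitive, that adjacent terms are ANDed together, that NOT binds tighter than AND which binds tighter than OR, and that parentheses are not used; none of those details are stated on this page.

```python
import fnmatch

# Constructed sample log entries used only to exercise the query syntax.
LOGS = [
    {"host": "web-01", "src_ip": "192.168.1.100", "event": "ssh login failed", "user": "root"},
    {"host": "web-02", "src_ip": "10.0.0.5", "event": "ssh login accepted", "user": "deploy"},
    {"host": "db-01", "src_ip": "192.168.1.100", "event": "query error", "user": "app"},
]


def match_term(term, entry):
    """field:value matches only that field; a bare keyword matches any field.
    '*' is a wildcard in both forms (assumption: comparisons are case-insensitive)."""
    field, sep, value = term.partition(":")
    if sep:  # field-specific term; an unknown field never matches
        return field in entry and fnmatch.fnmatchcase(str(entry[field]).lower(), value.lower())
    pattern = f"*{term.lower()}*"  # keyword may appear anywhere in any field value
    return any(fnmatch.fnmatchcase(str(v).lower(), pattern) for v in entry.values())


def parse(tokens):
    """Recursive-descent parser: OR < AND < NOT; adjacent terms imply AND (assumption)."""
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def parse_or():
        nonlocal pos
        node = parse_and()
        while peek() == "OR":
            pos += 1
            node = ("or", node, parse_and())
        return node

    def parse_and():
        nonlocal pos
        node = parse_not()
        while peek() not in (None, "OR"):
            if peek() == "AND":
                pos += 1
            node = ("and", node, parse_not())
        return node

    def parse_not():
        nonlocal pos
        if peek() == "NOT":
            pos += 1
            return ("not", parse_not())
        if peek() is None:
            raise ValueError("query ends with an operator")
        pos += 1
        return ("term", tokens[pos - 1])

    return parse_or()


def evaluate(node, entry):
    kind = node[0]
    if kind == "term":
        return match_term(node[1], entry)
    if kind == "not":
        return not evaluate(node[1], entry)
    left, right = evaluate(node[1], entry), evaluate(node[2], entry)
    return (left and right) if kind == "and" else (left or right)


def search(query, logs=LOGS):
    """Return the log entries matching the query, in ingestion order."""
    tree = parse(query.split())
    return [e for e in logs if evaluate(tree, e)]
```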
Global Search Shortcut
Press Ctrl+K / Cmd+K from any page to open global search. Default prefix routes to Log Search.
Features
Search Highlighting
Matching terms are highlighted in search results using the <HighlightText> component, making it easy to spot relevant data in large log entries.
Click-to-Filter
Click any cell value in search results to add it as a filter condition. This enables rapid drill-down without manually typing queries.
Field Browser
Browse available log fields with value distribution statistics. Click any field to add it as a search filter or display column.
Copy-to-Clipboard
Copy field values (IPs, hostnames, hashes) directly from detail views for use in other investigation tools.
Entity Pivot
Click on entities (IPs, hostnames, users) to navigate to related log entries with a pre-filled search query.
Export
Export search results as CSV or JSON for offline analysis or reporting.
Date Range Filtering
Select predefined time ranges or custom date/time windows:
- Last 15 minutes, 1 hour, 4 hours, 24 hours
- Last 7 days, 30 days
- Custom date range picker
Access Requirements
Log Search is available on all tiers including Detect (Free).